Find out where your weaknesses lie with a Red Team Assessment
and take action now to improve your security posture.
www.nccgroup.trust
WHAT IS RED TEAMING AND WHY WOULD YOU NEED TO ENGAGE A RED TEAM?
In today’s hostile threat landscape, how to mitigate risk and prevent an organisation from becoming victim to a cyber attack, fraud or act of
corporate espionage should be on every board agenda.
With the significant increase in the number of reported cyber attacks, organisations of all
sizes now carry out red teaming as part of their cyber security strategy to assess their cyber
resilience and overall security posture and help reduce the risk of becoming a victim.
Now more than ever, organisations require assurance that the investment they are making in both cyber & physical security is working and keeping malicious attackers from achieving their aim.
Red teaming exercises are carried out to gauge an organisation’s resilience to sophisticated, planned, and sustained attack and assess multiple facets of an organisation’s cyber strategy, maturity and protection levels.
Once commissioned for a project, our elite security team take the role of a malicious intruder and carry out covert hostile reconnaissance (both physical and cyber) followed by a full-blown covert attack against the target organisation.
Assessments of this nature help measure the likelihood that a threat actor could gain remote access to an organisation’s most sensitive systems and data, bypassing existing preventative or remedial controls.
Our Red Team assessments test the effectiveness of an organisation’s security procedures, awareness and control in a real-world attack scenario.
All Rights Reserved. © NCC Group 2015 Understanding Red Team Attacks 2
WHAT DO WE DO DURING A RED TEAM EVENT?
WHAT IS AT RISK?
HOW DOES IT WORK?
Project Initiation
Before the project can get underway a series of meetings or conference calls are arranged to set out the terms of the engagement. This phase ensures that we are operating within the boundaries set out by you and that minimal disruption is caused to the day-to-day running of the organisation.

Planning & Intelligence
Information about the organisation is gathered from sources available within the public domain. This could include information that would be useful in performing phishing-style attacks or lists of physical sites owned by the target organisation. If appropriate, physical reconnaissance may also be undertaken at this point within the assessment to identify times of heavy footfall through the entrances and exits of a targeted building, in order to identify the best windows of time in which to attempt physical breach attacks.

Breach
Physical access to corporate buildings by tailgating or social engineering is often the first step to gaining a foothold within an organisation. Stand-off electronic attacks against wireless networks, or intelligence-led spear-phishing attacks, can also be used when trying to gain entry.

Command & Control
The command and control phase examines the organisation’s resilience to an attacker establishing a secure command and control channel. It examines how quickly unusual outbound traffic or data exfiltration can be identified by the organisation under assessment.

Lateral Movement
The assessment will then typically proceed to a phase in which lateral movement through the organisation is used to identify and access business-critical or commercially-sensitive systems. This phase will generate network activity which may look significantly different to a traditional penetration test.
CONCLUSION & ADDITIONAL RESOURCES
Every organisation would benefit from a red team engagement as it would result in a list
of security-related findings that, when addressed, will improve the security posture of the
organisation.
NCC Group’s first experience of red teaming dates back to 2000, when we worked with
the very early IP-based mobile telecommunication networks and performed live red-team
assessments against 2G, 2.5G, 3G and 4G networks from a subscriber handset perspective
against the network core.
We have developed and refined a strategy and supporting methodologies which, when
adopted, minimise the risks posed to these systems and functions during red team
engagements no matter which vertical the organisation operates in.
ADDITIONAL RESOURCES
Blog - Red Team - Train like you fight
All of our cyber security research and thought leadership is available at:
www.nccgroup.trust/research
ABOUT NCC GROUP
Visit: www.nccgroup.trust
Contact: response@nccgroup.trust